On Sat, Feb 16, 2002 at 01:52:15PM -0500, Bill Merriam wrote:
> Attached is a capture of SNA traffic 802.2.
After the two Ethernet addresses, there's a field with the value hex
80d5; that's much larger than the maximum length of an Ethernet packet,
so it's a type field, not a length field, which means it's Ethernet II,
not 802.3.
According to
http://www.iana.org/assignments/ethernet-numbers
an Ethernet type of 80d5 is "IBM SNA Service on Ether[net]".
According to
http://www.cisco.com/univercd/cc/td/doc/product/software/ssr90/rpc_r/18059.pdf
SNA-over-Ethernet packets start with a 3-byte header containing a length
field and a padding byte, followed by an LLC header and payload.
So it's SNA over 802.2 over "SNA on Ethernet" on Ethernet II, not SNA
over 802.2 over 802.3.
> Ethereal 0.9.1 on Windows XP interprets this as Ethernet II.
Ethernet on *any* platform will interpret it as Ethernet II, as that's
the correct thing to do. The same is true of any other network analyzer.
Unfortunately, 0.9.1 won't then interpret the payload as
SNA-over-Ethernet, because it doesn't have any support for
SNA-over-802.2-over-"SNA-over-Ethernet"-over-Ethernet (as opposed to
SNA-over-802.2-over-802.3).
I've just checked in a change to support Ethernet type 80d5 as
SNA-over-Ethernet; it should appear in the next release.
> "Decode as" doesn't give me the choice of 802.2
802.2 isn't a choice - there are hard and fast rules for determining
whether a packet has an 802.2 header, and where the 802.2 header is, and
it makes no sense to allow that to be overridden (and the way that's
done doesn't provide a hook for Etheral to do that in any case).
